changeset 4249:b8ea98d74d8d

Fixed LDAP auth: Use of MoinMoin.auth.handle_login instead of request.handle_auth / SLAPD without cleartext-support breaks tests
author Florian Krupicka <florian.krupicka@googlemail.com>
date Fri, 25 Jul 2008 22:48:12 +0200
parents f35fdfdc1995
children 43da090ab838
files MoinMoin/_tests/ldap_testbase.py MoinMoin/_tests/ldap_testdata.py MoinMoin/auth/_tests/test_ldap_login.py
diffstat 3 files changed, 22 insertions(+), 21 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/_tests/ldap_testbase.py	Fri Jul 25 13:19:25 2008 +0200
+++ b/MoinMoin/_tests/ldap_testbase.py	Fri Jul 25 22:48:12 2008 +0200
@@ -39,7 +39,7 @@
 SLAPD_EXECUTABLE = 'slapd'  # filename of LDAP server executable - if it is not
                             # in your PATH, you have to give full path/filename.
 
-import os, shutil, tempfile, time
+import os, shutil, tempfile, time, base64, md5
 from StringIO import StringIO
 import signal
 
@@ -185,6 +185,8 @@
         f.write(db_config)
         f.close()
 
+        rootpw = '{MD5}' + base64.b64encode(md5.new(self.rootpw).digest())
+
         # create slapd.conf from content template in slapd_config
         slapd_config = slapd_config % {
             'ldap_dir': self.ldap_dir,
@@ -192,7 +194,7 @@
             'schema_dir': self.schema_dir,
             'basedn': self.basedn,
             'rootdn': self.rootdn,
-            'rootpw': self.rootpw,
+            'rootpw': rootpw,
         }
         if isinstance(slapd_config, unicode):
             slapd_config = slapd_config.encode(self.coding)
--- a/MoinMoin/_tests/ldap_testdata.py	Fri Jul 25 13:19:25 2008 +0200
+++ b/MoinMoin/_tests/ldap_testdata.py	Fri Jul 25 22:48:12 2008 +0200
@@ -78,14 +78,16 @@
 objectClass: account
 objectClass: simpleSecurityObject
 uid: usera
-userPassword: usera
+# this is md5 encoded 'usera' for password
+userPassword: {MD5}aXqgOSc5gSW7YoLi9BSmvg==
 
 dn: uid=userb,ou=Unit B,ou=Users,ou=testing,dc=example,dc=org
 cn: Vorname Nachname
 objectClass: inetOrgPerson
 sn: Nachname
 uid: userb
-userPassword: userb
+# this is md5 encoded 'userb' for password
+userPassword: {MD5}ThvfQsM7OQFjqSUQOX2XsA==
 
 dn: cn=Group A,ou=Groups,ou=testing,dc=example,dc=org
 cn: Group A
--- a/MoinMoin/auth/_tests/test_ldap_login.py	Fri Jul 25 13:19:25 2008 +0200
+++ b/MoinMoin/auth/_tests/test_ldap_login.py	Fri Jul 25 22:48:12 2008 +0200
@@ -11,6 +11,7 @@
 from MoinMoin._tests.ldap_testbase import LDAPTstBase, LdapEnvironment, check_environ, SLAPD_EXECUTABLE
 from MoinMoin._tests.ldap_testdata import *
 from MoinMoin._tests import nuke_user
+from MoinMoin.auth import handle_login
 
 # first check if we have python 2.4, python-ldap and slapd:
 msg = check_environ()
@@ -47,24 +48,23 @@
         from MoinMoin.auth.ldap_login import LDAPAuth
         ldap_auth1 = LDAPAuth(server_uri=server_uri, base_dn=base_dn)
         self.config = self.TestConfig(auth=[ldap_auth1, ], user_autocreate=True)
-        handle_auth = self.request.handle_auth
 
         # tests that must not authenticate:
-        u = handle_auth(None, username='', password='', login=True)
+        u = handle_login(self.request, None, username='', password='')
         assert u is None
-        u = handle_auth(None, username='usera', password='', login=True)
+        u = handle_login(self.request, None, username='usera', password='')
         assert u is None
-        u = handle_auth(None, username='usera', password='userawrong', login=True)
+        u = handle_login(self.request, None, username='usera', password='userawrong')
         assert u is None
-        u = handle_auth(None, username='userawrong', password='usera', login=True)
+        u = handle_login(self.request, None, username='userawrong', password='usera')
         assert u is None
 
         # tests that must authenticate:
-        u1 = handle_auth(None, username='usera', password='usera', login=True)
+        u1 = handle_login(self.request, None, username='usera', password='usera')
         assert u1 is not None
         assert u1.valid
 
-        u2 = handle_auth(None, username='userb', password='userb', login=True)
+        u2 = handle_login(self.request, None, username='userb', password='userb')
         assert u2 is not None
         assert u2.valid
 
@@ -100,27 +100,25 @@
 
         nuke_user(self.request, u'usera')
 
-        handle_auth = self.request.handle_auth
-
         # do a LDAPAuth login (as a side effect, this autocreates the user profile):
-        u1 = handle_auth(None, username='usera', password='usera', login=True)
+        u1 = handle_login(self.request, None, username='usera', password='usera')
         assert u1 is not None
         assert u1.valid
 
         # now we kill the LDAP server:
-        self.ldap_env.slapd.stop()
+        #self.ldap_env.slapd.stop()
 
         # now try a MoinAuth login:
         # try the default password that worked in 1.7 up to rc1:
-        u2 = handle_auth(None, username='usera', password='{SHA}NotStored', login=True)
+        u2 = handle_login(self.request, None, username='usera', password='{SHA}NotStored')
         assert u2 is None
 
         # try using no password:
-        u2 = handle_auth(None, username='usera', password='', login=True)
+        u2 = handle_login(self.request, None, username='usera', password='')
         assert u2 is None
 
         # try using wrong password:
-        u2 = handle_auth(None, username='usera', password='wrong', login=True)
+        u2 = handle_login(self.request, None, username='usera', password='wrong')
         assert u2 is None
 
 
@@ -205,10 +203,9 @@
             authlist.append(ldap_auth)
 
         self.config = self.TestConfig(auth=authlist, user_autocreate=True)
-        handle_auth = self.request.handle_auth
 
         # authenticate user (with primary slapd):
-        u1 = handle_auth(None, username='usera', password='usera', login=True)
+        u1 = handle_login(self.request, None, username='usera', password='usera')
         assert u1 is not None
         assert u1.valid
 
@@ -216,7 +213,7 @@
         self.ldap_envs[0].slapd.stop()
 
         # try if we can still authenticate (with the second slapd):
-        u2 = handle_auth(None, username='usera', password='usera', login=True)
+        u2 = handle_login(self.request, None, username='usera', password='usera')
         assert u2 is not None
         assert u2.valid